Start-Up Applications - All

Last update :- 22nd November, 2007
15277 items listed

Introduction

This page presents a searchable, comprehensive list of the programs you may find that run when you switch on your PC as typically identified by MSCONFIG or the registry "Run" keys - and whether you need them.

Close Program/Task Manager

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. If in doubt, don't do anything.

Operating System Differences

A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Norton eMail Protect" in the registry.

To avoid the list becoming too large, all VIRUSES are shown using the registry version which is common to all Windows versions.

Random startup entry/filename viruses

There are viruses and other pests that can add any number of different entries to the startups. They add entries under the HKLM\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce registry keys, allowing them to run at startup. In all cases below, %system% is a variable - by default this is C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP):

  1. PE_BISTRO - adds "XXXX"="C:\WINDOWS\XXXX.EXE" - where XXXX is the randomly chosen filename of the dropped file
  2. MAGISTR.A - adds "[Virus file name]"="[Virus Path and file name].EXE"
  3. BUGBEAR.A or BUGBEAR.C or BUGBEAR.E - adds ""=%System%\"[random filename].EXE"
  4. OPTIXPRO.11 - adds "%Registry entry%"="%Path%\%Filename%"
  5. Lop.com homepage hijacker - adds multiple and random startup entries
  6. FreeScratchAndWin - adds multiple and random startup entries as it includes LOP above
  7. nCase (or n-Case) parasite - adds multiple and random startup entries
  8. LORAC - adds "[four random characters]"="%Sysdir%\abcdef.exe"
  9. MOSUCK - random name and filename in C:\Windows or C:\Winnt
  10. DEBORMS.D - adds one of a number of valid Name/Startup Item entries but points to the path of the worm file dropped
  11. GIBE.C - adds random name and filename in C:\Windows or C:\Winnt
  12. SWEN.A - adds random name and filename
  13. ZOMBAM.B - adds random name and filename
  14. WANADO or REUR - adds "XXXXXXXX"="%Sysdir%\XXXXXXXX.exe" where X can be any random hexadecimal (0-9, A-F) number
  15. SINCOM - adds random name and filename in C:\Windows or C:\Winnt with "Run:Auto" appended to the command/data column entry
  16. SOBER family - adds "[random string]"="%system%\[random filename.exe]"
  17. BRANCOS.C - adds "win_[4 random characters][4 random numbers 0-9]"="%System%\SYS_386X\[4 random characters][4 random numbers 0-9].exe"
  18. IRC.BOT.B - adds random name and filename
  19. COREFLOO-C - adds "[random filename]"="rundll32 %SYSTEM% [random filename].dll,Init 1"
  20. [random digits].exe = [random digits].exe - 8 random digits, example: 77231997.exe = 77231997.exe. Winpup.exe adult content downloader
  21. DRAGONQQ - "[Trojan's filename]"="[Path to the Trojan]", "[Random name]"="C:\WINNT\[Random name].exe", "[Random name]"="C:\Program Files\[Random name].exe" or "[Random name]"="C:\WINDOWS\[Random name].exe"
  22. FORMADOR - adds "[executed file name]"="%System%\[executed file name].exe"
  23. NETTRASH - adds "[file name]"="[path to filename].exe"
  24. OPTIXPRO.13B - adds "[registry value name]"="[path to trojan].exe"
  25. MYDOOM.F or MYDOOM.G or MYDOOM.H - adds "[4 to 8 random, lowercase letters]"="[worm filename]"
  26. ANNIL - adds random name and filename
  27. ANTINNY.G and ANTINNY.K - adds "[random name]"="[path to worm]"
  28. KILLAV.D - adds "[Trojan filename]"="%Windir%\[Trojan file name]" where %Windir% is C:\Windows or C:\Winnt
  29. MYPOO - adds "[value name]"="[Trojan file name]" where [value name] is configurable
  30. BLACKMAL or BLACKMAL.B - adds "[random_file_name1].exe"="%System%\[random_file_name1].exe"
  31. ERKEX.A - adds "[random_file_name]"="%System%\[random_file_name].exe"
  32. OPASA - adds "[random_file_name]"="%System%\[random_file_name].exe"
  33. GAOBOT.ADN - adds random name and filename
  34. ADWAHECK - adds "[trojan name]"="%System%\[trojan filename]"
  35. GOBOT.A - adds random name and filename in C:\Windows or C:\Winnt
  36. Sandboxer adware - adds random name and filename
  37. AGENT.B - adds "[1-5 random characters]"="RUNDLL32 %System%\[DLL filename].dll,StreamingDeviceSetup"
  38. EXRUNTEL - adds "[original filename]"="%System%\[original filename]"
  39. Margoc adware - adds random name and filename
  40. Winpup adware - adds random name and filename in %System%
  41. KETCH - adds "[word]"="%System%\[word][number].exe"
  42. DARBY.B - adds "[random worm filename]"="%System%\[random worm filename]"
  43. VUNDO - adds "*[trojan name]"="[trojan path]"
  44. BEAKER.A - adds "[5 random lower-case char]"="[5 random lower-case char].exe" in the System, system32, Temp and Fonts sub-directories of %Windir%
  45. LIFEFORENOW - adds "[random filename]"="%System%\[random filename].exe"
  46. DIMI - adds "[random value name]"="%System%\[random filename].exe"
  47. ABEBOT - adds "[random service name]"="[random filename].exe -services"
  48. OMEGA - adds "[random value]" = "%Windir%\[random file name].exe"
  49. NAMSHARE - adds "[Random service name]" = "[Random file name]"
  50. REANET.B - adds "[file name]" = "[path to file name]"
  51. BANCOS.Q - adds "[filename prefix]" = "[path to filename]"
  52. SPYBOTER.GEN - adds "[key name]" = "[file name of Trojan]"
  53. BOTUK - adds "[random characters]Srv32" = "[random characters]srv.exe"
  54. MADTOL-A - adds "[trojan filename]" = "%System%\[trojan filename]"
  55. HESIVE - adds "[trojan filename]" = "[path to trojan]"
Spyware/Adware/Malware/Foistware & Hijackers

Check CastleCops for information about these types of program. They have very active forums. You may also want to try SpywareInfo for their forums and a list of startup program managers.


    Key:


      Name/Startup Item Command Comments
    Xsystem32.exeAdded by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name field
    Xpathex.exeAdded by the MKMOOSE-A WORM! Note - has a blank entry under the Startup Item/Name field
    Xsvchost.exeAdded by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field
    XMSPF.EXEAdded by a variant of the SDBOT WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field
    Xdllvirtual.exeAdded by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field
    Xdllvirtual.dllAdded by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field
    Xdllvirtual.jsAdded by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field
    Xajsha5.exeAdded by the SPYBOT-NX WORM! Note - has a blank entry under the Startup Item/Name field
    X SystemBootservices.exeAdded by the SOBER-Q TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Help\Help subfolder of the Windows or Winnt folder
    X WinCheckservices.exeAdded by the SOBER-S WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "ConnectionStatus\Microsoft" subfolder of the Windows or Winnt folder
    X Windowsservices.exeAdded by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "WinSecurity" subfolder of the Windows or Winnt folder
    X WinStartservices.exeAdded by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Connection Wizard\Status subfolder of the Windows or Winnt folder
    X winsystem.syssmss.exeAdded by the SOBER.K TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a msagent\win32 subfolder of the Winnt or Windows folder
    Y!1_pgaccountpgaccount.exeDiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instance of pgaccount.exe for every active account on your system, and this is essential for PG to work properly
    Y!1_ProcessGuard_Startupprocguard.exeDiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks
    U!AVG Anti-Spywareavgas.exePart of AVG Anti-Spyware from Grisoft
    U!ewidoewido.exePart of Ewido anti-spyware
    N!NoLoadwinrecon.exeWinRecon keystroke logger/monitoring program - remove unless you installed it yourself!
    ?$EnterNetEnternet.exeConnection manager for the EnterNet ISP. You can also use RASPPOE
    X$sys$cmp$sys$xp.exeAdded by the RYKNOS.B TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer
    X$sys$crash$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!
    X$sys$crash$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!
    X$sys$crash$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!
    X$sys$drv$sys$drv.exeAdded by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer
    X$sys$momomomochin$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!
    X$sys$momomomochin$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!
    X$sys$momomomochin$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!
    X$sys$umaiyo$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!
    X$sys$umaiyo$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!
    X$sys$umaiyo$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!
    U$Volumouse$volumouse.exeVolumouse from Nirsoft. "Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse"
    X$WindowsRegKey%updateIEXPLORE.EXEAdded by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
    N%cmpmixtitle%%cmpmixstr%Possibly related to C-Media Mixer Control panel?
    N%FP%012-L2TP fts.exefts.exe012.Net.il Israeli ISP software front-end
    U%FP%012-L2TP FWPortal.exeFWPortal.exe012.Net.il Israeli ISP dial-up software
    N%FP%1776 Internet fts.exefts.exe1776 Internet US ISP software front-end
    U%FP%1776 Internet FWPortal.exeFWPortal.exe1776 Internet US ISP dial-up software
    N%FP%Barak013 fts.exefts.exeBarak013 Israeli ISP software front-end
    U%FP%Barak013 FWPortal.exeFWPortal.exeBarak013 Israeli ISP dial-up software
    N%FP%Friendly fts.exefts.exeFriendly ISP software front-end
    X(*)API MachinewinSOCKS.exeHomepage hijacker, see here (* = any digit)
    X(*)Runwin32API.exeHomepage hijacker, see here (* = any digit)
    X(default)[random filename].exeAdded by the BLACKMAL WORM!
    X(default)rundll32.exe [path] Zykheptd.dllAdded by the HESIVE.B TROJAN!
    X(Default)5640.exeAdded by the DOWNLD-ABF TROJAN!
    X(L4r1$$4) (4nt1) (V1ruz)SP00Lsv32.pifAdded by the ASSIRAL.B WORM!
    X*JanisRuckenbrodIIjanis.comAdded by the POPS WORM!
    X*Microsoft Updatectxma.exeAdded by the STMU TROJAN!
    X*Microsoft Updatecxma.exeAdded by the STMU TROJAN!
    X*Microsoft Updatewstcl.exeAdded by the STMU TROJAN!
    X*Microsoft Updatewucxt.exeAdded by the STMU TROJAN!
    X*Microsoft Updatewuytc.exeAdded by the STMU TROJAN!
    X*MS Setup[random filename]Virtumondo adware, also known as the VUNDO TROJAN!
    X*MSConfig32aecache.exeDetected by F-secure as the OBFUSCATED.GP TROJAN!
    X*Security Centersecctr.exeAdded by the SDBOT.BRO WORM!
    Y*StateMgrstatemgr.exeWindows ME default for System Restore. Do NOT disable!
    X*windows updatewrauclt.exeAdded by the RBOT-QU WORM!
    X*windows updatewuanclt.exeAdded by the RBOT-PG WORM!
    X*windows updatewuaucrlt.exeAdded by the SPYBOT.HUR WORM!
    X*windows updatewuraclt.exeAdded by the RBOT-PO WORM!
    X*windows updatewurauclt.exeAdded by the RBOT-SY WORM!
    X*windows updatewsctl.exeAdded by the SPYBOT.PR WORM!
    X*windows updatewkmst.exeAdded by the SDBOT.AVD WORM!
    X*windows updatewscxt.exeAdded by the RBOT.AOS WORM!
    X*windows updatewaurclt.exeAdded by a variant of the RBOT WORM!
    X*Windows [filename] Checker[filename]Added by the KEDEBE-B WORM!
    X*WindowsAudiosystemupd.exeAdded by the AGENT-TH WORM!
    X*WinLogon[trojan path] ren time:[random number]Added by the VUNDO TROJAN!
    X*winstatswinstats.exeAdded by the GARGAFX TROJAN!
    X*wuauclt.exew****.exe [* = random char]Added by a variant of the RBOT-UG WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on...
    X,main drive Loaderwininfo.exeSuspected malware as it appears in 3 different registry locations - see here
    Y-FreedomNeedsRebootZkRunOnceR.exeInternet Security Suite used by ISPs to protect customers against many attacks
    X..ABC2007.exeAdded by the DLOADR-ASH TROJAN!
    X.mscdrlassa.exeAdded by the WEBUS.C TROJAN!
    X.mscdrlsvchost.exeAdded by the WEBUS.D TROJAN!
    X.mscdsrlsvchost.exeAdded by the CR TROJAN!
    X.mscsblsvhost.exeAdded by the CMQ TROJAN!
    X.msfupdatemsveup.exeAdded by the ALLOCUP.A WORM!
    X.mssecuremssecure.exeAdded by the DDOS_BOXED.X TROJAN!
    ?.NET configsysmon32.exe??
    X.nortonrchost.exeAdded by the BOXED-H TROJAN!
    X.nvsvcsmss.exeAdded by the IRCBOT-FP TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup!
    X.nvsvcbsmssb.exeAdded by the BOXED.CG TROJAN!
    X.Progservices.exeAdded by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!
    X.Progwinlogon.exeAdded by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
    X.protectedN/ASmitfraud variant
    X.svchostCSRSS.EXEAdded by the WEBUS.F TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
    X.TEXTCONVcsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
    X.TEXTCONVlsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
    X.WMAudiocsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
    X.WMAudiolsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
    N/l:engN/ARelated to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function
    U000pit.exePrivateEye surveillance software. Uninstall this software unless you put it there yourself
    X000hpdllhoshpdllhost.exeLZIO.com adware downloader
    U000StTHK000StTHK.exeToshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...)
    X0050726-007-i32-10050726-007-i32-1.exeAdded by the BANCBAN-EC TROJAN!
    ?00DSKSVR00desksaver.exeRelated to Advanced Desktop Shield
    ?00DSKSVR01desksaver.exeRelated to Advanced Desktop Shield
    Y00PCTFWFirewallGUI.exePC Tools Firewall Plus - "powerful free personal firewall for Windows that protects your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network"
    Y00TCrdMainTCrdMain.exeRelated to the flash card slot on a Toshiba laptop. Ending this process will disable access to the flash cards
    U00THotkey00THotKey.exeFor Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev.
    U00THotkeysystem32THotkey.exeFor Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev
    U0190 WarnerWARN0190.EXEAnti-dialer program (Germany)
    U0900 WarnerWARN0900.EXEAnti-dialer program (Germany)
    X0mcamcap0mcamcap.exeAdded by the COSIAM-H TROJAN!
    X0utlook Express*****.exe [* = random char]Added by the RBOT-CC WORM! Note the first letter is actually the digit "0" and not a capital "o"
    X11.exeAdded by the ESTEEMS TROJAN!
    X1lsass.scrAdded by the BANCOS.V TROJAN!
    X1svchost.scrAdded by the BANCOS.X TROJAN!
    X1111swapmgr.exe1111swapmgr.exeAdded by the IC TROJAN!
    X123456rundll32.exe shell32.dll, Control_RunDLL ...123456.cplAdded by the KITRO.C (or DANDI.A) WORM! 123456 can be any random 3 to 6 digit number
    U12Ghosts Backup12backup.exe12Ghosts Backup - "Automatic Backups, HyperBackup for Multiple Versions, Registry Backup"
    U12Ghosts Clip12clip.exe12Ghosts Clip - "Screen shots made easy"
    U12Ghosts JustAWindow12window.exe12Ghosts JustAWindow - "Cover annoying ads, animated gifs, things you don't want to see"
    U12Ghosts Popup-Killer12popup.exe12Ghosts Popup-Killer
    U12Ghosts SaveLayout12autosl.exe12Ghosts SaveLayout - "Always (always!) keep the layout of your desktop icons"
    U12Ghosts SetColor12color.exe12Ghosts SetColor - "Change your desktop icon text colors, also to transparent"
    U12Ghosts ShowTime12showtime.exe12Ghosts Showtime - "Enhance the clock in your tray with font formatting, colors, date, time zones"
    U12Ghosts Synchronize12sync.exe12Ghosts Synchronize - "Sync PC clock with an atomic clock over the Internet"
    U12Ghosts Tower12tower.exe12Ghosts Tower - "Quickly access and manage all Ghosts (included in all packages)"
    U12Ghosts TrayProtect12srvc.exe12Ghosts TrayProtect - "Hide tray icons, restore after a crash"
    U12Ghosts Wash12wash.exe12Ghosts Wash - "Protect your privacy, clear browser history, delete and overwrite cache files"
    ?17779Proj2002N/A??
    X180adsolution180adsolution.exeNCase adware
    X180ax180ax.exeNCase adware
    X180ClientStubInstallstubinstaller****.exe [* = digit]180Solutions adware related
    X180ClientStubInstall[path to trojan]180Solutions adware related
    X180ClientStubInstall******.tmp [* = random digit/char]180Solutions adware related
    X1916435341.exe1916435341.exeAdded by the DLOADR-AXU TROJAN!
    X196_150_ni196_150_ni.exeWinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here
    X197_150_ni_3197_150_ni_3.exeWinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here
    N1:hpdrv.exeHP utility for monitoring when and how many recoveries have been done
    N1A:MacVisionTrayMonitorTrayMonitor.exeComes with the MacVision program for monitoring tray icons (Note : program is by Stardock)
    Y1A:Stardock MCPmcpserver.exeMaster Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications
    Y1A:Stardock TrayMonitorTrayServer.exeFor monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX
    ?1CmailSNETMAIL.EXE??
    X1on11on1.exeAdult content dialler
    U1Srv32SpyAgent4.exeSpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC."
    X1u71u7.exeAdded by the MURBAC-A TROJAN!
    U1Win32CfgSpyBuddy.exeSpyBuddy keystroke logger/monitoring program - remove unless you installed it yourself!
    U1Win32CfgKeyloggerpro.exeKeyloggerpro keystroke logger/monitoring program - remove unless you installed it yourself!
    X1WinCfg32WebMailSpy.exeWebMailSpy spyware
    X2020Downloadermssvr.exe2020Search Toolbar
    X252winmgr.exeAdded by the LEGMIR-AT TROJAN!
    X27slsorve.exeAdded by the SLSORVE-A TROJAN!
    X27csrss32.exeAdded by the SLSORVE-D TROJAN!
    X27msm32.exeAdded by the SLSORVE-E TROJAN!
    X2Searchmain.exe2Search adware
    X2thousandbuck[path to file]Added by the RANKY.L TROJAN!
    U2wSysTray2portalmon.exe2Wire Homeportal user interface
    X32-bit Thunking servicethunk32.exeAdded by the DERDERO.A WORM!
    X333svchost.exeAdded by the JD-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This one is located in a "Syswm1i" directory
    X388529725448AutomaticUpdates.exeAdded by the SDBOT-DEN WORM!
    ?39ELTFH25Z8SKFEzg1q5.exeSeems to be associated with software by Resplendence SP ?
    Y3c1807pd3cmlink.exe 3cpipe-3c1807pd3Com WinModem driver. See here for more WinModem information
    Y3capplnk3capplnk.exeUS Robotics Modem driver
    N3cdminic3CDMINIC.EXE3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards
    Y3CM Link3cmcnkw.exeRequired for a US Robotics WinModem as it provides the link to Windows - won't work without it
    Y3Cmlink3CmlinkW.exeFor a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem information
    N3ComDMIAgent3CDMINIC.EXE3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards
    Y3cpipe-USRpdAUSRmlnkA.exeModem driver files from US Robotics
    X3D Text3D Text.scrAdded by the JERMY.A WORM!
    U3Deep Control Panel3DeepCTL.EXENow superseded by ColorWizzard - 3Deep corrected lighting, shading and color for all your 2D and 3D games
    X3Dfx AccGFXACC.EXEAdded by the GIBE WORM!
    N3dfx Task Manager3dfxMan.exeSystem Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> Programs
    Y3dfx Tools3dfxCmn.dllUpdates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards
    Y3dfxv2ps.dll3dfxv2ps.dllUpdates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards
    ?3Dlabs Taskbar Display Manager3DLman.exe3DLabs graphics driver related. System Tray access to display settings?
    U3DLabsHelperDemon3dldemon.exeDirectly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled
    Y3DMouse.EXE3DMouse.EXEDritek System Inc. 3D Mouse driver
    X3d_sound3d_sound.exeAdded by the RIADOS-A TROJAN!
    U3qdctl.exe3qdctl.exeProvided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQ
    Y3ware 3DM3dm.exeMonitors status of the disk array on 3ware IDE RAID controllers
    X456655explorer.exeAdded by the BIFROSE-DE TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System folder
    X4684735485910netdll32.exeAdded by the SDBOT-DEV WORM!
    X4da92ad5.exe4da92ad5.exeAdded by the DLOADR-WZ TROJAN!
    U4oDKHost.exeVerisign Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops
    X4wd!!!Natal!.pifAdded by the OPASERV.AI WORM!
    X5-1-61-96members-area.exeAdult content dialler
    X5-2-46-1125-2-46-112.exeAdult content pop-up dialler. Removal instructions here
    X55278grepclient1.exeAdded by the LINEAGE-S TROJAN!
    X5p4m[path to trojan]Added by the LITEBOT-C TROJAN!
    X5whgue215whgue21.exeClearSearch adware
    X666Ska.exeAdded by the PIPES TROJAN!
    X678lsas32.exeAdded by the SLSORVE-B TROJAN!
    X7f8ez****.exe 9idfDetected by NOD32 as the SMALL.ALI TROJAN! Note - it creates a number of extra z****.dll files in the system32 folder
    U802.11g Wireless AdatperMonitor.exeRelated to wireless card (802.11) adapter/standard. System Tray icon that provides a shortcut to "Wireless Connection Status" and allows you to turn WL on and off. Supplier unknown. Adapter is misspelled
    X98D0CE0C16B1rundll32.exe D0CE0C16B1, D0CE0C16B1BrowserAid/BrowserPal foistware
    X9mwinlog0n.exeAdded by the LEGMIR-AQK TROJAN!
    Y9xadiras9xadiras.exeAllied Telesyn AT series router/modem related - apparently required
    X9xHtProtectAVprotect9x.exeAdded by the NETSKY.M WORM!
    X;Rundll[filename]Added by the PWSLEGMIR.E TROJAN!
    X?ekio Startups?nksvc32.exeAdded by the AGOBOT-OV WORM where ? is a random character
    X@regedit -s ..win.dllAdded by the SEEKER.K TROJAN!
    N@Hoc ToolbarAtHoc.exeOne-click activated browsing toolbar used by various web-sites. See here for more info
    N@lohareminder.exeRegistration reminder for @loha@home E-mail utility
    X@tour_ww@tour_ww[1].exeAdult content dialler
    Xaa.exeCommercials file that registers itself in the system registry and redirects IE to a certain commercial website
    Xajesse.exeAdded by the MELO-A WORM!
    XA New Windows Updaterw32NTupdt.exeAdded by MYTOB.BM WORM!
    UA Verizon AppVERIZO~1.EXEPart of Verizon Online Support Manager
    Ua-squareda2guard.exea-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a² 'Background Guard' real time protection feature
    Ya-winpoet-servicewinpppoverethernet.exeWinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking
    UA1000 Settings Utilitycpqa1000.exeCompaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features
    UA4ProxyA4Proxy.exeAnonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sites
    ?AAACLEANAAACLEAN.INF??
    ?AAAKeyboard????
    NAAATraySaverTraySaver.exeSystem Tray management utility from Mike Lin which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System Tray
    UAAKaak.exeAdvanced Anti-Keylogger - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere"
    XAAMSFree702Avengine.comAdded by the DELF.LJ TROJAN!
    XAAMSFree702sys.exeAdded by the BACKDOOR-CPC TROJAN!
    XAaouamee.exePurityScan/Clickspring adware
    XAappadprot.exeAdBlaster adware
    ?aauclientACNUpdater.exeAppears to be related to software from Accenture.com
    ?ab EazySchedulerezsched.exe??
    NABBYY Community AgentCAGENT.EXEInstalled with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software
    UABCkeylogger.exeKeystroke logger/monitoring program - remove unless you installed it yourself!
    Xabcdefghabcdefgh.exeEPJ TROJAN!
    UABIT uGuruuGuru.exeABIT µGuru - on motherboards incorporating the µGuru processor this provides quick access to "hardware monitoring, overclocking, BIOS flashing and audio tweakin
    NABITEQabiteq.exeMonitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speeds
    XAbrada WIN32abrada.exeAdded by the DERMON-G TROJAN!
    UAbsolute Shielddseraser.exeAbsolute Shield Evidence Eliminator - internet history eraser
    UAbsolute StartUp monitorASMon.exeAbsolute Startup - startup monitor from F-Group Software
    UAbsoluteShield Internet Erasercseraser.exeAbsoluteShield Internet Eraser - "protects your privacy by cleaning up all the tracks of your Internet and computer activities"
    XABsrabsr.exeAdded by the AUTOUPDER TROJAN!
    Xabsrmwsvm.exeSeekSeek search hijacker related - see here
    Xabtump3serch.exeLoads the executable for Lop.com. mp3serch.exe is the final version
    Xabtulopsearch.exeLoads the executable for Lop.com. lopsearch.exe is the beta version
    UAbyssWebServerabyssws.exeAbyss web server
    XAc97Soundsnddrv.exeDetected by Sophos as the SILLYFDC-A TROJAN!
    YAcBtnMgr_XxxAcBtnMgr_Xxx.exeAssociated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation
    Uaccacc.exeAdvanced Call Center - "full-featured yet easy-to-use answering machine software for your voice modem"
    XACCDEFRAGINFO[path to worm]Added by the DARBY-O WORM!
    UAccelerateaccelerate.exeWebroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection
    NAccess Ramp Monitorarmon32.exeMonitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again
    XAccess WebControl[path to file]Added by the PPDOOR-M TROJAN!
    UAccessManagerAccessMgr.exePart of SmartPipes SecureSite software. "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management"
    XAccessMedia P2P Loaderamp2pl.exeMy AccessMedia toolbar related, stealth installed!
    UAccessoriesPlusclockplus.exeClock Plus, part of Accessories Plus allows you to select from dozens of alternatives for the Windows clock
    NAccessRamp Monitor01ARMon32a.exeFrom a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service."
    NAccessRampLAN01ARUpld32.exeVersion of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003
    UAcctMgrAcctMgr.exeNorton™ Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities - all from the safety of your own PC
    NAccuWeather.com® DesktopAccuWeatherDesktop.exeDesktop weather from AccuWeather
    Xaccwizz.exeaccwizz.exeAdded by the RULAND.A WORM!
    Xaccwizzz.exeaccwizzz.exeAdded by the RULAND.A WORM!
    Xacdllib3bcdlmem.exeAdded by the MAILBOT-BA TROJAN!
    NACDSeeACDSee8Pro.exeACDSee 8 photo software. Organize, manage, enhance, and share all your valued photo memories
    ?Ace bowsAce bows.exe??
    NAceGain LiveUpdateLiveUpdate.exe"AceGain LiveUpdate can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates, driver updates or full product updates and automatically download and install them according to user configuration"
    UAcer ePower ManagementAcer ePower Management.exePart of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"
    UAcerGotoAcerGoto.exeAcer Computer "Goto Drive" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computer
    UAcerNotebookManageralmxptray.exeSystem Tray access on some Acer Notebooks to give faster access to system settings
    UAcerPowerkeyPowerkey.exePowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3
    XAcess2007aaccess2007a.exeAdded by the GAOBOT.PQA WORM!
    XAceu[random filename]PurityScan/Clickspring adware
    YacEventServacevtsrv.exeActivCard Gold from ActivIdentity, Inc. Smart card-based strong authentication software - for photo IDs, proximity badges for facility access and as digital identification and authentication
    UAClntUsrAClntUsr.exeAltiris AClient Service Windows Tray Icon
    NAcme.PCHButtonpchbutton.exeUsed by HP Instant Support
    YACMonitor_XxxACMonitor_Xxx.exeAssociated with the Lexmark Xxx (where "xx" is the model) all-in-one printer/scanner/copier. Required for correct operation
    Xacocashfastdown.exeAdult content dialler
    Xacocashfastdown.exeAdult content dialler
    UAcombo3dmouseAcombo3d.exeMouse driver - required if you use non-standard Windows driver features
    XAcontiaconti.exeAdult content dialler
    Uacousticacoustic.exeControl panel program for Philips Acoustic Edge soundcard. Not required unless changed settings aren't retained
    Nacpartagpart11.exeProgram for finding trucks on-line
    XAcrobatacrmon32.exeAdded by the SMALL-ECT TROJAN!
    UAcrobat Assistant *.*ACROTRAY.EXEEssential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation. *.* represents the version
    XAcrobat Readacroup32.exeAdded by the VANBOT-BQ TROJAN!
    UACROMOUSEACROMAPP.exeRelated to ACROMOUSE Laser mouse control
    UAcronis Popup BlockerRunDll32.exe [path] Blocker.dll, RunPart of Acronis Privacy Expert - anti-spyware and security suite
    UAcronis Scheduler Helperschedhlp.exePart of Acronis True Image backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images
    UAcronis Scheduler2 Serviceschedhlp.exePart of Acronis True Image - backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images
    UAcronis True ImageTimounterMonitor.exePart of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive
    NAcronis True Image MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImage
    NAcronis TrueImage MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImage
    UAcronisTimounterMonitorTimounterMonitor.exePart of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive
    NAcronisTrueImage MonitorTrueImageMonitor.exePart of Acronis True Image - backup software. Can be disabled without affecting TrueImage
    UAct! PreloaderAct8.exeSage Software's ACT! "enables individuals and small business customers to instantly access key contact and customer information, manage and prioritize activities, and track all contact-related communications so you can grow productive business relationships"
    NAction Manager 32am32.exeAssociated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> Programs
    ?ActionAgentactionagent.exe"A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". Is it required?
    NActivationActivation.exePart of Microsoft Money
    UActivboardMMKeybd.exePackard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys
    XActive Bit Stationabs.exeAdded by the MYTOB.BZ WORM!
    UActive Desktop CalendarADC.EXEXemiComputers Active Desktop Calendar
    UActive Email Monitoraem25.exeActive Email Monitor checks multiple accounts for email, serves as a SPAM filter and can also protect you from harmful items that can be sent via email
    UActive shieldActiveshield.exeActive Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses"
    XActiveDesktopsystray32.exeAdded by the DABOOM WORM!
    XACTIVEDSACTIVEDS.EXEAdded by the OPASERV.T WORM!
    NActiveEyesActiveEyes.exeActiveEyes from TFI Technology is a small utility that you can use to liven up your desktop. It follows your mouse around and can tell you how far your cursor has travelled or point out where the cursor is. It's small, it's free and comes with a range of options and animations. Not needed - if unavailable via Start -> Programs, create your own shortcut
    UActiveKeys.AAB635BD7D054a37A576akeys.exe"Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action"
    UActiveMenuActiveMenu.exeWild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTangent's privacy policy used to state that they also collect and share individuals' information but this is no longer the case
    UActivePlusactiveplus.exeInteractive Agents Plugin for Messenger Plus! (MSN Messenger add-on)
    XActiveScan AntivirusActiveScan.exeAdded by the RBOT-FKQ WORM!
    YActiveShieldMCVSSHLD.EXEMcAfee VirusScan On-line. See also the McAgentExe entry
    UActiveSpeedAS.exeAscentive ActiveSpeed Internet Optimizer
    XActiveSyncwcescom32.exeAdded by the MANCSYN-E TROJAN!
    NActiveWordsAWMonitor.exeActiveWords from ActiveWord Systems, Inc. Like macro programs, ActiveWords sits in the background and watches as you type. When it recognizes that you’ve typed an ActiveWord, it takes the associated action, such as replacing your keystrokes with the text you’ve defined
    XActiveX Streamermsgfix.exeAdded by the SDBOT.NQ WORM!
    XActiveXUpdatesvcss.exeAdded by a variant of the DEDLER.C TROJAN!
    UActivityactik.exeActivityKey Keystroke logger/monitoring program - remove unless you installed it yourself!
    NActivSurfbackweb*****.exePackard Bell ActivSurf - automatically detects an internet connection and downloads any available updates
    UActMakerActMak25.exe"ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer"
    UActMakerActMaker25.exeActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload
    UACTrayACTray.exeSystem Tray icon for ThinkVantage Access Connections - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically"
    UActual Window MinimizerActualWindowMinimizerCenter.exeActual Window Minimizer - "allows minimizing any window to task tray notification area or to the edge of the screen"
    XACTX1v1201.exeAdded by the VB.IS TROJAN!
    UACUACU.exeAtheros wireless Client Utility
    UACU_QSBACU.exeAtheros wireless Client Utility
    UACWLIconACWLIcon.exeRelated to IBM ThinkVantage Connectivity Solution
    UAd Blockerblocker.exeAd Blocker - blocks popups, and also removes banners, image ads and flash ads
    UAd Blocker ProAd Blocker Pro.exeAd Away popup and banner remover
    UAd MuncherAdMunch.exeAd Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications
    ?Ad Online Guideadonlineguide.exe??
    NAd-awareAd-aware.exeAd-aware from Lavasoft. Checks your PC for "Spyware" which reports back your internet activities to "base". Available via Start -> Programs
    XAd-AwareAd-Aware.exeAdded by the RBOT-ADJ WORM! Note - this is not the popular Ad-aware spyware/adware removal tool and is located in the Winnt\System32 or Windows\System32 directory
    NAd-Eliminatorad-eliminator.exeSpyware remover - not recommended, see here
    UAd-MuncherADMUNCH.EXEAd Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications
    UAd-Protectad-protect.exeAd-Protect spyware and spam monitoring tool
    UAd-watchAd-watch.exePart of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system
    UAD2KClientAD2KClient.exeExecutable for Active Disk from Iomega disk - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk
    NAdaptec DirectCDDirectcd.exeDirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
    NAdaptecDirectCDDirectcd.exeDirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
    XAdAwarewini.exeAdded by the RBOT-XN WORM!
    NAdaware Bootupad-aware.exeAd-aware from Lavasoft. Checks your PC for "Spyware" which reports back your internet activities to "base". Available via Start -> Programs
    XAdaware lptt01adaware.exeRapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware
    XAdaware ml097eadaware.exeRapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware
    UAdBinAdBin.exeAdBin - "Free and easy solution to managing your Window's hosts file. A fun way to block ads"
    XAdd**.exe [* = random char]Add**.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this log
    XAdd**32.exe [* = random char]Add**32.exe [* = random char]CoolWebSearch/HomeSearch adware - for examples, see this log
    XAddClassAddClass.exeCoolWebSearch Addclass parasite variant
    XAddClass[Installation_Path]Added by the STARTPAGE.F hijacker
    XAddClass[path to trojan]Added by the SECDL-A TROJAN!
    UAdDeleteAdDelete.exeBanner advertisement blocker
    XAdDestroyerAdDestroyer.exeVirtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here
    XADDITIONAL Servicespkgadd.exeAdded by a variant of the IRC.BOT TROJAN!
    ?addproxyaddproxy.exeRelated to Adobe Photoshop
    ?ADGADG.exe SoundBlaster Audigy related?
    NADGJdetADGJDet.exeAdded with SoundBlaster Live! or Audigy soundcards for headphone autodetection
    XaDiradirss.exeAdded by the SPAMSRV-E TROJAN!
    YAdirasAdiras.exeADSL USB modem related
    Xadirkaadirka.exeAdded by the TIBS-QT TROJAN!
    UAdKillerAD Defender.exePart of Advanced Spyware Remover anti-spyware tool
    XADM Library Loaderadmlib32.exeAdded by a variant of the SDBOT TROJAN!
    XAdmanager ControllerAdManCtl.exeAdware, probably a Windupdates variant
    XAdmilli ServiceAdmilliServ.exeWindupdates adware variant
    XAdministratorsvchost.scrAdded by the NOVACAL TROJAN!
    XAdministratorwinlogon.exeAdded by the RUBBLE-C WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
    XAdministrator di DagoDago.exeAdded by the PUNYA-B WORM!
    XAdminSoftsysfile.vbsAdded by the STARGRUB-A WORM!
    Uadmtray.exeadmtray.exeRelated to Acer Inc. desktop tray
    XAdobeAdobe.exeAdded by an unidentified VIRUS, WORM or TROJAN!
    XAdobesysconfig.exeAdded by an unidentified WORM or TROJAN!
    Xadobegam.exeAdded by an unidentified WORM or TROJAN!
    XAdobesysbat32.exeAdded by the LOWZONES.T TROJAN!
    XAdobezteam.exeAdded by an unidentified TROJAN!
    NAdobe AcrobatREADER~1.EXESpeeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly
    XAdobe Acrobat Distiller Applicationacrotray.exeAdded by the RANDEX.DFJ WORM!
    XAdobe Acrobat Reader CFG[random filename]Added by a variant of the RBOT WORM!
    XAdobe Filter Platformafilterplatform.exeAdded by the RBOT-OP WORM!
    UAdobe Gamma LoaderAdobe Gamma Loader.exeAdjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine
    NAdobe Photo Downloaderapdproxy.exePart of Adobe's Photoshop Album or Photoshop Elements packages - starts each time you connect an external image device to your PC (see here)
    NAdobe Reader Speed Lauchreader_sl.exeSpeeds up the launch of Adobe (Acrobat) Reader 7
    NAdobe Reader Speed Launchreader_sl.exeSpeeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly
    NAdobe Reader Speed LaunchREADER~1.EXESpeeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly
    UAdobe Reader SynchronizerAdobeCollabSync.exeAdobe Synchronizer - installed along with Adobe Reader 8.x. "Synchronizer is a small application that runs in the background, providing synchronization of document reviews and Tracker subscriptions so that your data is available when you need it." See the link for more information
    UAdobe Version Cue CS2VersionCueCS2Tray.exeFile manager that's part of Adobe Creative Suite 2 - "find files fast, track versions across applications, link files together, and share them in creative collaboration without fear of overwriting someone else's work"
    XAdobeAadobes.exeAdded by the FLOOD.BA TROJAN!
    XAdobeFontsfonts.htaBrowser hijacker - redirecting to Hugesearch.net
    Xadobemgradobemgr.exeAdded by the ADCLICKER TROJAN!
    XAdobeReadermsni.exeAdded by the RBOT.DAO TROJAN!
    XAdobeReaderPromsnxpsp.exeAdded by the RBOT-ASK or RBOT-AUS WORMS!
    XAdobeReaderProntkernell32.exeAdded by the RBOT-ATY WORM!
    XAdobeReaderPromsnserve.exeAdded by the SDBOT-AKH WORM!
    XAdobeReaderProupdt.exeAdded by the IRCBOT-VQ WORM!
    XAdobeReaderProfessionalmsx64.exeAdded by the RBOT-GAT WORM!
    XAdobeReaderProssysmsn.exeAdded by the RBOT-BGH WORM!
    NAdobeVersionCueVersionCueTray.exe"An exclusive feature of the Adobe® Creative Suite, Version Cue™ helps you find files fast, track multiple versions of your files, and share your files for creative collaboration"
    Xadodemasteradodemaster.exeDownloader of Korean origin, detected as ADOD.28672
    XAdope File Managerlsasv.exeAdded by an unidentified WORM or TROJAN!
    Xadpadp.exeSpyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etc
    XAdPopupdcf5678.exeAdded by the AGENT-FZ TROJAN!
    Xadprotadprot.exeAdBlaster adware
    NADQuickAccessAdtray.exeAfter Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95
    XADriverwindrv.exeAdded by the DELF.WG TROJAN!
    XAdRoarUpdateARUpdate.exeAdRoar adware updater
    XAdRotator.Application[path to csrss.exe]Added by the SMALL-AQ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
    XAdRotator.Applicationservices.exeAdded by FakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "Inetsrv" subfolder
    NADS Adware RemoverADS Adware Remover.exeAdware remover - not recommended, see here
    XAdsBlockerstopAds.exeReported as DILAER.DW by NOD32
    UADServiceADService.exePart of Iomega's Active Disk - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk
    UAdsGoneAdsgone.exeAdsGone - pop-up stopper
    NADSL Diagnostic Toolsmapiicon.exeSystem tray access to ADSL modem diagnostic tools. Available via Start -> Programs
    ?ADSLSYSTEMTRAYSystemtrayV100B.exeApparently Annex A ADSL modem related. What does it do and is it required?
    YAdslTaskBarrundll32.exe stmctrl.dll, TaskBarISP software, initializes DSL modem
    XAdslTaskBarstaskmng.exeAdded by the RBOT-AXZ WORM!
    ?ADSL_A2A2InstalledAssociated with an Integrated Telecom Express (ITeX) ADSL driver installation. What does it do and is it required?
    YADSSADSS.exeADSS is part of Access Denied security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep it running while using Access Denied
    Xadstartupautomove.exeAdlogix adware variant
    XadstartupAdstartup.exeAdlogix adware variant
    XAdStatus ServiceAdStatServ.exeWindUpdates AdStatus Service adware
    UAdSubtractadsub.exeAdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via Start -> Programs. Now superseded by Trend Micro AntiSpyware
    Xadtech2005adtech2005.exeDetected by Kaspersky as the STARTPAGE.AW TROJAN!
    Xadtech2006adtech2006.exeDetected by Kaspersky as the VB.KC WORM!
    XAdtools ServiceAdTools.exeWindupdates Adware
    ?ADUadu.exeRelated to Cisco Aironet wireless products. What does it do and is it required?
    XAdultXAdultX.exeAdult content dialler and hijacker
    XAdult_ChatAdult_Chat.exeAdult content dialler
    XAdult_Chat1Adult_Chat1.exeAdult content dialler
    XAdUpdatersysupudt.exeUnidentified adware downloader/updater
    UADUserMonADUserMon.exePart of Iomega's Active Disk - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk
    XAdvanced DHTML Enableexo32.exeAdded by the RANCK-FI TROJAN!
    XAdvanced Internet Protocolcerf.exeAdded by a variant of the SPYBOT WORM!
    XAdvanced Protection Systemadvpsys.exeAdded by a variant of the RBOT WORM!
    U